Microsoft update email said to be fake

A mass email in circulation which purports to be a Microsoft
Windows update alert directs computer users to a fake website where
a trojan is installed, security professionals say.

The security firm Websense said it began receiving reports this
week of the e-mail claiming to be from Microsoft, coincidentally
after the software giant announced it was making security
updates.

"This email spoofs users into thinking that they must update
their Windows software," Websense said.

"Upon clicking on the link, users are forwarded to a fraudulent
website. This website is hosted in Australia, and was up at the
time of this alert. The website appears very similar to the real
Windows Update site."

But when a user attempts to perform the update, a trojan is
installed that allows hackers access to the infected computers, the
company said.

The British-based security firm Sophos also issued a warning
about the scheme.

"This criminal campaign exploits the public's rising paranoia
about the security of their Windows computers. If users fall for it
they may put themselves at risk of being spied upon or having their
credit card and online banking details stolen," said Graham Cluley,
senior technology consultant for Sophos.

"We have long recommended that computer users keep up-to-date
with the latest security patches, as Microsoft vulnerabilities are
often exploited by viruses, worms and hackers. But users must be
very careful to be sure they are going to the official update
websites, rather than just following links in emails which have
been sent by hackers."